Find what URL an EXE file is sending data to

4

How can I monitor an EXE file when it is running to see what URL it is connecting to? I assume there must be free software out there that can do this fairly easily?

James Simpson

Posted 2010-01-26T19:07:23.370

Reputation: 355

Any firewall that monitors outgoing traffic should tell you. Set the firewall running, then start the program. Its request should be logged and then you can find the URL. – ChrisF – 2010-01-26T20:06:54.280

Answers

11

For in-depth analysis, Wireshark is your best bet, as Phoshi has already mentioned. For a quick look at the URL, you can use netstat from the command line, or TCPView.


C:\Documents and Settings\Administrator>netstat -b

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    john:1969              85.65.97.58.dynamic.barak-online.net:27645
  [deluged.exe]

  TCP    john:1604              vx-in-f100.1e100.net:http  ESTABLISHED  2904
  [firefox.exe]

  TCP    john:1716              79-114-229-43:60126  ESTABLISHED        732
  [deluged.exe]

John T

Posted 2010-01-26T19:07:23.370

Reputation: 149 037

+1 didn't know about console netstat – whitequark – 2010-01-26T19:30:07.593
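
As an added example (not part of the answer above or of any tool it names), this Python code parses saved `netstat -b` output like the listing in that answer and groups remote endpoints by executable, including the row that lacks the State and PID columns. The function names are hypothetical; netstat reports host:port endpoints, not full URLs.

```python
import re
from collections import defaultdict

# Constructed sample: the `netstat -b` output quoted in the answer above,
# including its first row, which lacks the State and PID columns.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    john:1969              85.65.97.58.dynamic.barak-online.net:27645
  [deluged.exe]

  TCP    john:1604              vx-in-f100.1e100.net:http  ESTABLISHED  2904
  [firefox.exe]

  TCP    john:1716              79-114-229-43:60126  ESTABLISHED        732
  [deluged.exe]
"""

# proto, local, remote, then an optional state and an optional PID
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z_]+))?(?:\s+(\d+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+?)\]\s*$")


def parse_netstat_b(text):
    """Map each executable name (lower-cased) to its connection rows."""
    by_exe, last = defaultdict(list), None
    for line in text.splitlines():
        row, owner = ROW.match(line), OWNER.match(line)
        if row:
            proto, local, remote, state, pid = row.groups()
            # Split on the last colon so bracketed IPv6 addresses stay whole.
            host, _, port = remote.rpartition(":")
            last = {"proto": proto, "local": local, "host": host, "port": port,
                    "state": state, "pid": int(pid) if pid else None}
        elif last and (owner or "ownership information" in line):
            # The owner follows the row it belongs to; rows netstat cannot
            # attribute go under "<unknown>" instead of the next executable.
            by_exe[owner.group(1).lower() if owner else "<unknown>"].append(last)
            last = None
    return dict(by_exe)


def remote_endpoints(text, exe):
    """Sorted, de-duplicated 'host:port' strings for one executable."""
    rows = parse_netstat_b(text).get(exe.lower(), [])
    return sorted({f"{r['host']}:{r['port']}" for r in rows})


if __name__ == "__main__":
    for exe in parse_netstat_b(SAMPLE):
        print(exe, remote_endpoints(SAMPLE, exe))
```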

7

Try Wireshark - it's just about the best out there.

Phoshi

Posted 2010-01-26T19:07:23.370

Reputation: 22 001

+1 for Wireshark as well :) – Glen Y. – 2010-01-26T19:47:10.923

0

If you want just the "URL" part, SmartSniff is one of the easiest tools. It can be used as a generic packet sniffer too.

user1686

Posted 2010-01-26T19:07:23.370

Reputation: 283 655

0

Out of the box, I believe you can also find this out with the netstat command. But I don't know for sure anymore because I am not running Windows (only when really necessary) anymore.

Alfred

Posted 2010-01-26T19:07:23.370

Reputation: 423

0

Try Fiddler. It's a proxy for doze, which registers itself as the system proxy. If your application uses the system proxy (it might bypass it) then its requests will be intercepted by Fiddler when it's running.

fredden

Posted 2010-01-26T19:07:23.370

Reputation: 286